config

package
v1.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 18, 2024 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Index

Constants

View Source
const (
	Default = madmin.Default
	Enable  = madmin.EnableKey
	Comment = madmin.CommentKey

	// Enable values
	EnableOn  = madmin.EnableOn
	EnableOff = madmin.EnableOff

	RegionName = "name"
	AccessKey  = "access_key"
	SecretKey  = "secret_key"
)

Default keys

View Source
const (
	CredentialsSubSys    = "credentials"
	PolicyOPASubSys      = "policy_opa"
	IdentityOpenIDSubSys = "identity_openid"
	IdentityLDAPSubSys   = "identity_ldap"
	CacheSubSys          = "cache"
	RegionSubSys         = "region"
	EtcdSubSys           = "etcd"
	StorageClassSubSys   = "storage_class"
	APISubSys            = "api"
	CompressionSubSys    = "compression"
	KmsVaultSubSys       = "kms_vault"
	KmsKesSubSys         = "kms_kes"
	LoggerWebhookSubSys  = "logger_webhook"
	AuditWebhookSubSys   = "audit_webhook"
	HealSubSys           = "heal"
	ScannerSubSys        = "scanner"
	CrawlerSubSys        = "crawler"
)

Top level config constants.

View Source
const (
	NotifyMySQLSubSys    = "notify_mysql"
	NotifyPostgresSubSys = "notify_postgres"
	NotifyRedisSubSys    = "notify_redis"
	NotifyWebhookSubSys  = "notify_webhook"
)

Notification config constants.

View Source
const (
	SubSystemSeparator = madmin.SubSystemSeparator
	KvSeparator        = madmin.KvSeparator
	KvSpaceSeparator   = madmin.KvSpaceSeparator
	KvComment          = madmin.KvComment
	KvNewline          = madmin.KvNewline
	KvDoubleQuote      = madmin.KvDoubleQuote
	KvSingleQuote      = madmin.KvSingleQuote

	// Env prefix used for all envs in MinIO
	EnvPrefix        = "MINIO_"
	EnvWordDelimiter = `_`
)

Constant separators

View Source
const (
	EnvAccessKey    = "MINIO_ACCESS_KEY"
	EnvSecretKey    = "MINIO_SECRET_KEY"
	EnvRootUser     = "MINIO_ROOT_USER"
	EnvRootPassword = "MINIO_ROOT_PASSWORD"

	EnvBrowser    = "MINIO_BROWSER"
	EnvDomain     = "MINIO_DOMAIN"
	EnvRegionName = "MINIO_REGION_NAME"
	EnvPublicIPs  = "MINIO_PUBLIC_IPS"
	EnvFSOSync    = "MINIO_FS_OSYNC"
	EnvArgs       = "MINIO_ARGS"
	EnvDNSWebhook = "MINIO_DNS_WEBHOOK_ENDPOINT"

	EnvUpdate = "MINIO_UPDATE"

	EnvKMSMasterKey  = "MINIO_KMS_MASTER_KEY" // legacy
	EnvKMSSecretKey  = "MINIO_KMS_SECRET_KEY"
	EnvKESEndpoint   = "MINIO_KMS_KES_ENDPOINT"
	EnvKESKeyName    = "MINIO_KMS_KES_KEY_NAME"
	EnvKESClientKey  = "MINIO_KMS_KES_KEY_FILE"
	EnvKESClientCert = "MINIO_KMS_KES_CERT_FILE"
	EnvKESServerCA   = "MINIO_KMS_KES_CAPATH"

	EnvEndpoints = "MINIO_ENDPOINTS" // legacy
	EnvWorm      = "MINIO_WORM"      // legacy
	EnvRegion    = "MINIO_REGION"    // legacy
)

Top level common ENVs

View Source
const DefaultComment = "optionally add a comment to this setting"

DefaultComment used across all sub-systems.

View Source
const EnvCertPassword = "MINIO_CERT_PASSWD"

EnvCertPassword is the environment variable which contains the password used to decrypt the TLS private key. It must be set if the TLS private key is password protected.

View Source
const (
	ValueSeparator = ","
)

Config value separator

Variables

View Source
var (
	DefaultCredentialKVS = KVS{
		KV{
			Key:   AccessKey,
			Value: auth.DefaultAccessKey,
		},
		KV{
			Key:   SecretKey,
			Value: auth.DefaultSecretKey,
		},
	}

	DefaultRegionKVS = KVS{
		KV{
			Key:   RegionName,
			Value: "",
		},
	}
)

Default KV configs for worm and region

View Source
var (
	ErrInvalidBrowserValue = newErrFn(
		"Invalid browser value",
		"Please check the passed value",
		"Browser can only accept `on` and `off` values. To disable web browser access, set this value to `off`",
	)

	ErrInvalidFSOSyncValue = newErrFn(
		"Invalid O_SYNC value",
		"Please check the passed value",
		"Can only accept `on` and `off` values. To enable O_SYNC for fs backend, set this value to `on`",
	)

	ErrOverlappingDomainValue = newErrFn(
		"Overlapping domain values",
		"Please check the passed value",
		"MINIO_DOMAIN only accepts non-overlapping domain values",
	)

	ErrInvalidDomainValue = newErrFn(
		"Invalid domain value",
		"Please check the passed value",
		"Domain can only accept DNS compatible values",
	)

	ErrInvalidErasureSetSize = newErrFn(
		"Invalid erasure set size",
		"Please check the passed value",
		"Erasure set can only accept any of [4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16] values",
	)

	ErrInvalidWormValue = newErrFn(
		"Invalid WORM value",
		"Please check the passed value",
		"WORM can only accept `on` and `off` values. To enable WORM, set this value to `on`",
	)

	ErrInvalidCacheDrivesValue = newErrFn(
		"Invalid cache drive value",
		"Please check the value in this ENV variable",
		"MINIO_CACHE_DRIVES: Mounted drives or directories are delimited by `,`",
	)

	ErrInvalidCacheExcludesValue = newErrFn(
		"Invalid cache excludes value",
		"Please check the passed value",
		"MINIO_CACHE_EXCLUDE: Cache exclusion patterns are delimited by `,`",
	)

	ErrInvalidCacheExpiryValue = newErrFn(
		"Invalid cache expiry value",
		"Please check the passed value",
		"MINIO_CACHE_EXPIRY: Valid cache expiry duration must be in days",
	)

	ErrInvalidCacheQuota = newErrFn(
		"Invalid cache quota value",
		"Please check the passed value",
		"MINIO_CACHE_QUOTA: Valid cache quota value must be between 0-100",
	)

	ErrInvalidCacheAfter = newErrFn(
		"Invalid cache after value",
		"Please check the passed value",
		"MINIO_CACHE_AFTER: Valid cache after value must be 0 or greater",
	)

	ErrInvalidCacheWatermarkLow = newErrFn(
		"Invalid cache low watermark value",
		"Please check the passed value",
		"MINIO_CACHE_WATERMARK_LOW: Valid cache low watermark value must be between 0-100",
	)

	ErrInvalidCacheWatermarkHigh = newErrFn(
		"Invalid cache high watermark value",
		"Please check the passed value",
		"MINIO_CACHE_WATERMARK_HIGH: Valid cache high watermark value must be between 0-100",
	)

	ErrInvalidCacheEncryptionKey = newErrFn(
		"Invalid cache encryption master key value",
		"Please check the passed value",
		"MINIO_CACHE_ENCRYPTION_MASTER_KEY: For more information, please refer to https://docs.min.io/docs/minio-disk-cache-guide",
	)

	ErrInvalidCacheRange = newErrFn(
		"Invalid cache range value",
		"Please check the passed value",
		"MINIO_CACHE_RANGE: Valid expected value is `on` or `off`",
	)

	ErrInvalidCacheCommitValue = newErrFn(
		"Invalid cache commit value",
		"Please check the passed value",
		"MINIO_CACHE_COMMIT: Valid expected value is `writeback` or `writethrough`",
	)

	ErrInvalidCacheSetting = newErrFn(
		"Incompatible cache setting",
		"Please check the passed value",
		"MINIO_CACHE_AFTER cannot be used with MINIO_CACHE_COMMIT setting",
	)
	ErrInvalidRotatingCredentialsBackendEncrypted = newErrFn(
		"Invalid rotating credentials",
		"Please set correct rotating credentials in the environment for decryption",
		`Detected encrypted config backend, correct old access and secret keys should be specified via environment variables MINIO_ROOT_USER_OLD and MINIO_ROOT_PASSWORD_OLD to be able to re-encrypt the MinIO config, user IAM and policies with new credentials`,
	)

	ErrInvalidCredentialsBackendEncrypted = newErrFn(
		"Invalid credentials",
		"Please set correct credentials in the environment for decryption",
		`Detected encrypted config backend, correct access and secret keys should be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD to be able to decrypt the MinIO config, user IAM and policies`,
	)

	ErrMissingCredentialsBackendEncrypted = newErrFn(
		"Credentials missing",
		"Please set your credentials in the environment",
		`Detected encrypted config backend, access and secret keys should be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD to be able to decrypt the MinIO config, user IAM and policies`,
	)

	ErrInvalidCredentials = newErrFn(
		"Invalid credentials",
		"Please provide correct credentials",
		`Access key length should be at least 3, and secret key length at least 8 characters`,
	)

	ErrEnvCredentialsMissingGateway = newErrFn(
		"Credentials missing",
		"Please set your credentials in the environment",
		`In Gateway mode, access and secret keys should be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively`,
	)

	ErrEnvCredentialsMissingDistributed = newErrFn(
		"Credentials missing",
		"Please set your credentials in the environment",
		`In distributed server mode, access and secret keys should be specified via environment variables MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively`,
	)

	ErrInvalidErasureEndpoints = newErrFn(
		"Invalid endpoint(s) in erasure mode",
		"Please provide correct combination of local/remote paths",
		"For more information, please refer to https://docs.min.io/docs/minio-erasure-code-quickstart-guide",
	)

	ErrInvalidNumberOfErasureEndpoints = newErrFn(
		"Invalid total number of endpoints for erasure mode",
		"Please provide an even number of endpoints greater or equal to 4",
		"For more information, please refer to https://docs.min.io/docs/minio-erasure-code-quickstart-guide",
	)

	ErrStorageClassValue = newErrFn(
		"Invalid storage class value",
		"Please check the value",
		`MINIO_STORAGE_CLASS_STANDARD: Format "EC:<Default_Parity_Standard_Class>" (e.g. "EC:3"). This sets the number of parity disks for MinIO server in Standard mode. Objects are stored in Standard mode, if storage class is not defined in Put request
MINIO_STORAGE_CLASS_RRS: Format "EC:<Default_Parity_Reduced_Redundancy_Class>" (e.g. "EC:3"). This sets the number of parity disks for MinIO server in Reduced Redundancy mode. Objects are stored in Reduced Redundancy mode, if Put request specifies RRS storage class
Refer to the link https://github.com/zhaohuxing/minio/tree/master/docs/erasure/storage-class for more information`,
	)

	ErrUnexpectedBackendVersion = newErrFn(
		"Backend version seems to be too recent",
		"Please update to the latest MinIO version",
		"",
	)

	ErrInvalidAddressFlag = newErrFn(
		"--address input is invalid",
		"Please check --address parameter",
		`--address binds to a specific ADDRESS:PORT, ADDRESS can be an IPv4/IPv6 address or hostname (default port is ':9000')
	Examples: --address ':443'
		  --address '172.16.34.31:9000'
		  --address '[fe80::da00:a6c8:e3ae:ddd7]:9000'`,
	)

	ErrInvalidFSEndpoint = newErrFn(
		"Invalid endpoint for standalone FS mode",
		"Please check the FS endpoint",
		`FS mode requires only one writable disk path
Example 1:
   $ minio server /data/minio/`,
	)

	ErrUnsupportedBackend = newErrFn(
		"Unable to write to the backend",
		"Please ensure your disk supports O_DIRECT",
		"",
	)

	ErrUnableToWriteInBackend = newErrFn(
		"Unable to write to the backend",
		"Please ensure MinIO binary has write permissions for the backend",
		`Verify if MinIO binary is running as the same user who has write permissions for the backend`,
	)

	ErrPortAlreadyInUse = newErrFn(
		"Port is already in use",
		"Please ensure no other program uses the same address/port",
		"",
	)

	ErrPortAccess = newErrFn(
		"Unable to use specified port",
		"Please ensure MinIO binary has 'cap_net_bind_service=+ep' permissions",
		`Use 'sudo setcap cap_net_bind_service=+ep /path/to/minio' to provide sufficient permissions`,
	)

	ErrSSLUnexpectedError = newErrFn(
		"Invalid TLS certificate",
		"Please check the content of your certificate data",
		`Only PEM (x.509) format is accepted as valid public & private certificates`,
	)

	ErrSSLUnexpectedData = newErrFn(
		"Invalid TLS certificate",
		"Please check your certificate",
		"",
	)

	ErrSSLNoPassword = newErrFn(
		"Missing TLS password",
		"Please set the password to environment variable `MINIO_CERT_PASSWD` so that the private key can be decrypted",
		"",
	)

	ErrNoCertsAndHTTPSEndpoints = newErrFn(
		"HTTPS specified in endpoints, but no TLS certificate is found on the local machine",
		"Please add TLS certificate or use HTTP endpoints only",
		"Refer to https://docs.min.io/docs/how-to-secure-access-to-minio-server-with-tls for information about how to load a TLS certificate in your server",
	)

	ErrCertsAndHTTPEndpoints = newErrFn(
		"HTTP specified in endpoints, but the server in the local machine is configured with a TLS certificate",
		"Please remove the certificate in the configuration directory or switch to HTTPS",
		"",
	)

	ErrSSLWrongPassword = newErrFn(
		"Unable to decrypt the private key using the provided password",
		"Please set the correct password in environment variable `MINIO_CERT_PASSWD`",
		"",
	)

	ErrUnexpectedError = newErrFn(
		"Unexpected error",
		"Please contact MinIO at https://slack.min.io",
		"",
	)

	ErrInvalidCompressionIncludesValue = newErrFn(
		"Invalid compression include value",
		"Please check the passed value",
		"Compress extensions/mime-types are delimited by `,`. For eg, MINIO_COMPRESS_MIME_TYPES=\"A,B,C\"",
	)

	ErrInvalidGWSSEValue = newErrFn(
		"Invalid gateway SSE value",
		"Please check the passed value",
		"MINIO_GATEWAY_SSE: Gateway SSE accepts only C and S3 as valid values. Delimit by `;` to set more than one value",
	)

	ErrInvalidGWSSEEnvValue = newErrFn(
		"Invalid gateway SSE configuration",
		"",
		"Refer to https://docs.min.io/docs/minio-kms-quickstart-guide.html for setting up SSE",
	)

	ErrInvalidReplicationWorkersValue = newErrFn(
		"Invalid value for replication workers",
		"",
		"MINIO_API_REPLICATION_WORKERS: should be > 0",
	)
)

UI errors

View Source
var DefaultKVS map[string]KVS

DefaultKVS - default kvs for all sub-systems

View Source
var HelpSubSysMap map[string]HelpKVS

HelpSubSysMap - help for all individual KVS for each sub-systems also carries a special empty sub-system which dumps help for each sub-system key.

View Source
var Logger = struct {
	Info  func(msg string, data ...interface{})
	LogIf func(ctx context.Context, err error, errKind ...interface{})
}{}

Logger contains injected logger methods.

View Source
var (
	RegionHelp = HelpKVS{
		HelpKV{
			Key:         RegionName,
			Type:        "string",
			Description: `name of the location of the server e.g. "us-west-rack2"`,
			Optional:    true,
		},
		HelpKV{
			Key:         Comment,
			Type:        "sentence",
			Description: DefaultComment,
			Optional:    true,
		},
	}
)

Region and Worm help is documented in default config

SubSystems - all supported sub-systems

SubSystemsDynamic - all sub-systems that have dynamic config.

SubSystemsSingleTargets - subsystems which only support single target.

Functions

func CertificateText

func CertificateText(cert *x509.Certificate) string

CertificateText returns a human-readable string representation of the certificate cert. The format is similar to the OpenSSL way of printing certificates (not identical).

func CheckValidKeys

func CheckValidKeys(subSys string, kv KVS, validKVS KVS) error

CheckValidKeys - checks if inputs KVS has the necessary keys, returns error if it find extra or superflous keys.

func Decrypt

func Decrypt(KMS kms.KMS, ciphertext io.Reader, context kms.Context) (io.Reader, error)

Decrypt decrypts the ciphertext using a key managed by the KMS. The same context that have been used during encryption must be provided.

func DecryptBytes

func DecryptBytes(KMS kms.KMS, ciphertext []byte, context kms.Context) ([]byte, error)

DecryptBytes decrypts the ciphertext using a key managed by the KMS. The same context that have been used during encryption must be provided.

func Encrypt

func Encrypt(KMS kms.KMS, plaintext io.Reader, context kms.Context) (io.Reader, error)

Encrypt encrypts the plaintext with a key managed by KMS. The context is bound to the returned ciphertext.

The same context must be provided when decrypting the ciphertext.

func EncryptBytes

func EncryptBytes(KMS kms.KMS, plaintext []byte, context kms.Context) ([]byte, error)

EncryptBytes encrypts the plaintext with a key managed by KMS. The context is bound to the returned ciphertext.

The same context must be provided when decrypting the ciphertext.

func EnsureCertAndKey

func EnsureCertAndKey(ClientCert, ClientKey string) error

EnsureCertAndKey checks if both client certificate and key paths are provided

func Errorf

func Errorf(format string, a ...interface{}) error

Errorf - formats according to a format specifier and returns the string as a value that satisfies error of type config.Error

func FmtError

func FmtError(introMsg string, err error, jsonFlag bool) string

FmtError converts a fatal error message to a more clear error using some colors

func FormatBool

func FormatBool(b bool) string

FormatBool prints stringified version of boolean.

func LoadX509KeyPair

func LoadX509KeyPair(certFile, keyFile string) (tls.Certificate, error)

LoadX509KeyPair - load an X509 key pair (private key , certificate) from the provided paths. The private key may be encrypted and is decrypted using the ENV_VAR: MINIO_CERT_PASSWD.

func LookupCreds

func LookupCreds(kv KVS) (auth.Credentials, error)

LookupCreds - lookup credentials from config.

func LookupRegion

func LookupRegion(kv KVS) (string, error)

LookupRegion - get current region.

func LookupWorm

func LookupWorm() (bool, error)

LookupWorm - check if worm is enabled

func NewConfigWriteTo

func NewConfigWriteTo(cfg Config, key string) io.WriterTo

NewConfigWriteTo - returns a struct which allows for serializing the config/kv struct to a io.WriterTo

func ParseBool

func ParseBool(str string) (bool, error)

ParseBool returns the boolean value represented by the string. It accepts 1, t, T, TRUE, true, True, 0, f, F, FALSE, false, False. Any other value returns an error.

func ParsePublicCertFile

func ParsePublicCertFile(certFile string) (x509Certs []*x509.Certificate, err error)

ParsePublicCertFile - parses public cert into its *x509.Certificate equivalent.

func RegisterDefaultKVS

func RegisterDefaultKVS(kvsMap map[string]KVS)

RegisterDefaultKVS - this function saves input kvsMap globally, this should be called only once preferably during `init()`.

func RegisterHelpSubSys

func RegisterHelpSubSys(helpKVSMap map[string]HelpKVS)

RegisterHelpSubSys - this function saves input help KVS for each sub-system globally, this function should be called only once preferably in during `init()`.

func SetCredentials

func SetCredentials(c Config, cred auth.Credentials)

SetCredentials - One time migration code needed, for migrating from older config to new for server credentials.

func SetRegion

func SetRegion(c Config, name string)

SetRegion - One time migration code needed, for migrating from older config to new for server Region.

Types

type BoolFlag

type BoolFlag bool

BoolFlag - wrapper bool type.

func ParseBoolFlag

func ParseBoolFlag(s string) (bf BoolFlag, err error)

ParseBoolFlag - parses string into BoolFlag.

func (BoolFlag) MarshalJSON

func (bf BoolFlag) MarshalJSON() ([]byte, error)

MarshalJSON - converts BoolFlag into JSON data.

func (BoolFlag) String

func (bf BoolFlag) String() string

String - returns string of BoolFlag.

func (*BoolFlag) UnmarshalJSON

func (bf *BoolFlag) UnmarshalJSON(data []byte) (err error)

UnmarshalJSON - parses given data into BoolFlag.

type Config

type Config map[string]map[string]KVS

Config - MinIO server config structure.

func New

func New() Config

New - initialize a new server config.

func (Config) Clone

func (c Config) Clone() Config

Clone - clones a config map entirely.

func (Config) DelFrom

func (c Config) DelFrom(r io.Reader) error

DelFrom - deletes all keys in the input reader.

func (Config) DelKVS

func (c Config) DelKVS(s string) error

DelKVS - delete a specific key.

func (Config) GetKVS

func (c Config) GetKVS(s string, defaultKVS map[string]KVS) (Targets, error)

GetKVS - get kvs from specific subsystem.

func (Config) Merge

func (c Config) Merge() Config

Merge - merges a new config with all the missing values for default configs, returns a config.

func (Config) ReadConfig

func (c Config) ReadConfig(r io.Reader) (dynOnly bool, err error)

ReadConfig - read content from input and write into c. Returns whether all parameters were dynamic.

func (Config) SetKVS

func (c Config) SetKVS(s string, defaultKVS map[string]KVS) (dynamic bool, err error)

SetKVS - set specific key values per sub-system.

type Err

type Err struct {
	// contains filtered or unexported fields
}

Err is a structure which contains all information to print a fatal error message in json or pretty mode Err implements error so we can use it anywhere

func ErrorToErr

func ErrorToErr(err error) Err

ErrorToErr inspects the passed error and transforms it to the appropriate UI error.

func (Err) Clone

func (u Err) Clone() Err

Clone returns a new Err struct with the same information

func (Err) Error

func (u Err) Error() string

Error returns the error message

func (Err) Hint

func (u Err) Hint(m string, args ...interface{}) Err

Hint - Replace the current error's message

func (Err) Msg

func (u Err) Msg(m string, args ...interface{}) Err

Msg - Replace the current error's message

type ErrFn

type ErrFn func(err error) Err

ErrFn function wrapper

type Error

type Error struct {
	Err string
}

Error config error type

func (Error) Error

func (e Error) Error() string

type HelpKV

type HelpKV struct {
	Key         string `json:"key"`
	Type        string `json:"type"`
	Description string `json:"description"`
	Optional    bool   `json:"optional"`

	// Indicates if sub-sys supports multiple targets.
	MultipleTargets bool `json:"multipleTargets"`
}

HelpKV - implements help messages for keys with value as description of the keys.

type HelpKVS

type HelpKVS []HelpKV

HelpKVS - implement order of keys help messages.

func (HelpKVS) Lookup

func (hkvs HelpKVS) Lookup(key string) (HelpKV, bool)

Lookup - lookup a key from help kvs.

type KV

type KV struct {
	Key   string `json:"key"`
	Value string `json:"value"`
}

KV - is a shorthand of each key value.

type KVS

type KVS []KV

KVS - is a shorthand for some wrapper functions to operate on list of key values.

func (*KVS) Delete

func (kvs *KVS) Delete(key string)

Delete - deletes the key if present from the KV list.

func (KVS) Empty

func (kvs KVS) Empty() bool

Empty - return if kv is empty

func (KVS) Get

func (kvs KVS) Get(key string) string

Get - returns the value of a key, if not found returns empty.

func (KVS) Keys

func (kvs KVS) Keys() []string

Keys returns the list of keys for the current KVS

func (KVS) Lookup

func (kvs KVS) Lookup(key string) (string, bool)

Lookup - lookup a key in a list of KVS

func (*KVS) Set

func (kvs *KVS) Set(key, value string)

Set sets a value, if not sets a default value.

func (KVS) String

func (kvs KVS) String() string

type Target

type Target struct {
	SubSystem string
	KVS       KVS
}

Target signifies an individual target

type Targets

type Targets []Target

Targets sub-system targets

Directories

Path Synopsis
identity
policy
opa

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL